Encryption/Decryption
These two endpoints implement the encryption and decryption of short data messages using the AES scheme.
Allowed users
Allowed
Required access scope
keymgmt:use:<KID>, where <KID> is a Key ID as a 32-character hexadecimal string
Encrypt
Encrypt a message
POST
https://my.ence.do/api/crypto/cipher/encrypt
Encrypt a short data message and return ciphertext.
Headers
Authorization* (String): Bearer JWT_TOKEN
Content-Type* (String): application/json
Request Body
alg* (String): Algorithm to use (e.g. AES256-GCM)
ext_kid (String): External Key ID, 32 chars hex string
kid* (String): Key ID, 32 chars hex string
msg (String): Plaintext to encrypt
pubkey (String): Base64 encoded external public key
ctx (String): Additional context data (HKDF argument)
aad (String): Optional AAD data for AES-GCM only
The key type pointed to by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, the indirect ECDH will fail.
Possible alg values
AES128-ECB: per NIST SP 800-38A
AES128-CBC: per NIST SP 800-38A
AES128-GCM: per NIST SP 800-38D
AES192-ECB: per NIST SP 800-38A
AES192-CBC: per NIST SP 800-38A
AES192-GCM: per NIST SP 800-38D
AES256-ECB: per NIST SP 800-38A
AES256-CBC: per NIST SP 800-38A
AES256-GCM: per NIST SP 800-38D
Response data for successful operation
ciphertext (String): Base64 encoded ciphertext
iv (String): Base64 IV generated by the process
tag (String): Optional TAG in base64 (for AES-GCM only)
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK  LOG_RESULT_FAILED  403
LOG_TYPE_CRYPTO_ENCRYPT  LOG_RESULT_ERROR  400
LOG_TYPE_CRYPTO_ENCRYPT  LOG_RESULT_FAILED  406
LOG_TYPE_CRYPTO_ENCRYPT  LOG_RESULT_OK  200
Decrypt
Decrypt a message
POST
https://my.ence.do/api/crypto/cipher/decrypt
Decrypt a short data message and return plaintext.
Headers
Authorization* (String): Bearer JWT_TOKEN
Content-Type* (String): application/json
Request Body
alg (String): Algorithm to use (e.g. AES256-GCM)
ext_kid (String): External Key ID, 32 chars hex string
kid* (String): Key ID, 32 chars hex string
msg (String): Ciphertext to decrypt
pubkey (String): Base64 encoded external public key
ctx (String): Additional context data (HKDF argument)
iv (String): Ciphertext IV
tag (String): TAG value if AES-GCM used
aad (String): Optional AAD data for AES-GCM only
The key type pointed to by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, the indirect ECDH will fail.
Possible alg values
Check the list here.
Response data for successful operation
plaintext (String): Base64 decrypted plaintext
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK  LOG_RESULT_FAILED  403
LOG_TYPE_CRYPTO_DECRYPT  LOG_RESULT_ERROR  400
LOG_TYPE_CRYPTO_DECRYPT  LOG_RESULT_FAILED  406
LOG_TYPE_CRYPTO_DECRYPT  LOG_RESULT_OK  200
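The following client-side sketch is an added example, not code from the Encedo documentation. It validates the documented fields before a call and shows how the encrypt response (ciphertext, iv, tag) maps onto the decrypt request (msg, iv, tag). The helper names are hypothetical, and it assumes msg and aad are sent as plain strings, since the page does not state their encoding.

```python
import json
import re
import urllib.request

BASE = "https://my.ence.do/api/crypto/cipher"
ALGS = {f"AES{bits}-{mode}" for bits in (128, 192, 256) for mode in ("ECB", "CBC", "GCM")}
KID_RE = re.compile(r"[0-9a-fA-F]{32}")


def _check(kid, alg, aad):
    if not KID_RE.fullmatch(kid):
        raise ValueError("kid must be a 32-character hexadecimal string")
    if alg not in ALGS:
        raise ValueError(f"unsupported alg: {alg}")
    if aad is not None and not alg.endswith("-GCM"):
        raise ValueError("aad is only accepted with the AES-GCM algorithms")


def encrypt_body(kid, msg, alg="AES256-GCM", aad=None):
    """Request body for /encrypt. Assumption: msg is sent as a plain string."""
    _check(kid, alg, aad)
    body = {"alg": alg, "kid": kid, "msg": msg}
    if aad is not None:
        body["aad"] = aad
    return body


def decrypt_body(kid, alg, enc_response, aad=None):
    """Map the /encrypt response (ciphertext, iv, tag) onto the /decrypt fields."""
    _check(kid, alg, aad)
    body = {"alg": alg, "kid": kid, "msg": enc_response["ciphertext"]}
    if enc_response.get("iv"):
        body["iv"] = enc_response["iv"]
    if alg.endswith("-GCM"):
        # GCM decryption needs the tag and exactly the AAD used at encryption.
        body["tag"] = enc_response["tag"]
        if aad is not None:
            body["aad"] = aad
    return body


def build_request(operation, body, jwt_token):
    """Build (not send) the POST; pass the result to urllib.request.urlopen()."""
    headers = {"Authorization": f"Bearer {jwt_token}", "Content-Type": "application/json"}
    return urllib.request.Request(f"{BASE}/{operation}", data=json.dumps(body).encode(),
                                  headers=headers, method="POST")
```

The JWT passed to build_request must carry the keymgmt:use:<KID> scope for the same kid, otherwise the call is logged as LOG_TYPE_FAILED_SCOPE_CHECK with status 403.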